It’s alarming on both a consumer and professional level when established companies experience data breaches. 2019 was no exception, with several noteworthy breaches and hacks making the news.
The reality is that most companies and entities are entrusted with sensitive data. As regulations tighten and consumer expectations rise, it is more important than ever to protect data, whenever it is gathered, accessed, shared, or stored.
Let’s take a look at a few of the newsworthy data breaches that happened in 2019. Often, studying these cases can inform SecOps teams about what not to do.
The private data of 200 million players was exposed through a breach point discovered on a retired, unsecured Fortnite web page.
Without even needing login information, hackers were able to access accounts, record audio, and use in-game currency.
Fortnite players had been targeted through less sophisticated means in the past — for instance, by being conned by scammers who gathered login and payment info with a promise of in-game currency. The January 2019 breach was another situation altogether.
Hackers exploited a vulnerability on the web page to launch an XSS attack that triggered when victims clicked on a link. XSS, or cross-site scripting, attacks inject malicious code into vulnerable web applications. Hackers routinely seek out vulnerabilities that allow these attacks.
In the case of social media app WhatsApp, the numbers involved were even more significant. The privacy of over 1.5 billion users became vulnerable through a more advanced hacking and spyware scheme. When users answered calls through the app, surveillance technology was automatically installed on their phones.
This case gained extra attention in the news when the spyware was tied to the Israeli private security company NSO. NSO denied involvement. However, the organization regularly engages in similar behavior, often in partnership with government agencies, to gather intelligence.
Third-party apps have been a significant factor in several Facebook breaches affecting millions of users. The April breach involved a Mexican digital media company, Cultura Colectiva, which left the data of over 540 million users exposed on a public server. The sensitive data included account credentials, behavior history, and comments.
A second occurrence involved the “At the Pool” app. In this instance, 22,000 users’ passwords were exposed through a backup in an Amazon S3 bucket that stored passwords as unencrypted, plain text. Many users use the same passwords for multiple logins, so this kind of exposure can allow access to Facebook and many other sites.
July: Amazon Web Services (AWS)
Improperly secured Amazon cloud storage was at the heart of the brazen theft of 30 GB of credit application data by a single suspect. About 100 million people in the US and 6 million in Canada were affected when the attacker allegedly gained unauthorized access to a rented cloud data server.
The exposed data included some 140,000 Social Security numbers, 80,000 bank account numbers, and 1 million Canadian Social Insurance Numbers. Several large entities were affected, including Michigan State University, the Ohio Department of Transportation, Vodafone, and Ford.
The Zynga breach affected over 175 million mobile game players. Hackers were able to access usernames, email addresses, Facebook IDs, login information, phone numbers, and Zynga account IDs.
The Zynga attack is noteworthy as an especially effective targeted attack. Hackers specifically sought to steal the affected data from Zynga.
The positive here is that Zynga stored passwords securely, using salted SHA-1 hashes: random characters (the salt) are added to each password, and the result is run through a one-way hash function instead of being stored as readable text. This process can be repeated several times for increased security. Ultimately, this makes the stolen data much harder to monetize since it is so difficult and time-consuming to crack the passwords.
The good news is that these breaches and hacks mostly had clear origins, and many of them could have been prevented with better security protocols and more robust network security.